Install an Obcerv instance
To install an Obcerv instance, perform the following tasks:
You can also install multiple instances on one cluster.
Create a configuration file
- Start with an ITRS-provided sample configuration file as your baseline configuration.
- Choose and configure DNS names for this instance. Choose one DNS name for web UIs, and one for ingestion:
apps: externalHostname: www.obcerv.local ingestion: externalHostname: ingestion.obcerv.local
- If
StorageClass
resources were created earlier, set them here:defaultStorageClass: gp2 kafka: storageClass: io1-25 timescale: dataStorageClass: io1-25 walStorageClass: io1-25
- You can apply additional settings. See Configuration reference for more information.
- Save your custom parameters file, for example
obcerv.yaml
.
Note
It is possible to install using only the default parameters. However, this will result in containers with no resource limits that may consume all cluster resources. As a result, the default disk sizes may not be adequate depending on the expected volume. Consult your ITRS representative for more information.
Immutable parameters
A number of installation parameters are immutable, which means that an Obcerv instance cannot be reconfigured if you change any of these parameters. To check the full list, run helm show values
.
Some of these immutable parameters differ between the ITRS-provided sample configuration files, such as those for replicas and storage classes.
Configure TLS
TLS is used to secure network traffic inside the cluster (service to service) and outside the cluster (clients connecting via an Ingress).
Ingress TLS is always enabled and cannot be disabled. However, TLS inside the cluster is optional and enabled by default. It can be disabled in the config:
tls:
internal:
enabled: false
Additionally, self-signed certificates can be automatically generated for quickly bootstrapping non-production environments. To enable:
tls:
external:
selfSigned: true
If self-signed certificates are not enabled, then you must either:
- Configure a TLS certificate on your ingress controller (this may already exist), or…
- Manually provide TLS certificates for each ingress. Before installing, create secret(s) of type
kubernetes.io/tls
and configure via these parameters:apps: ingress: tlsSecret: my-secret ingestion: ingress: tlsSecret: my-secret
Install Obcerv
Each instance of Obcerv must be assigned a unique name, for example demo
.
helm install -f obcerv.yaml demo itrs/obcerv --version 1.1.2 -n itrs
Check the installation status
Check the progress of the installation:
kubectl describe obcerv <instanceName> -n <namespace>
Refer to the Status
section. While installation is in progress, the status will be DEPLOYING
. After a successful installation, the status will be DEPLOYED
. If any installation errors occur, the status will be FAILED
and a reason will be given.
Multiple instances on one cluster
Multiple Obcerv instances can be installed on the same cluster. Each instance must be installed in its own namespace.
Obcerv includes a Collection Agent DaemonSet
that is deployed on each node. This may lead to clashes with other Obcerv instances on the same cluster. The agent listens on the statsd
port (8125
by default) and collects logs for all pods running on that node. To avoid clashing ports and collecting duplicate logs from each instance, set the following parameters uniquely for each instance:
collection:
metrics:
statsdPort: 8126
# Only collect kube metrics for these namespace(s)
namespaces:
- "my-namespace"
logs:
# Only collect kube logs for these namespace(s)
namespaces:
- "my-namespace"